DevOps Blog

Technical Guidelines and Practical Advice for DevOps

Latest Posts

Writing and Delivering the Final DevOps Assessment Report: Seventh in a Series

Jose Morales

The time has come for the final step of the DevOps Assessment: the final report. Now is your chance to document all your findings, recommendations, and related material. The report is the key artifact documenting every aspect of the entire DevOps assessment: persons (team members, customer, and all others involved in the assessment minus the actual interviewees), places (locations of interviews and other meetings related to this assessment; they can be physical or virtual locations,...

Reviewing Formalized DevOps Assessment Findings and Crafting Recommendations: Sixth in a Series

Jose Morales

Reviewing DevOps assessment findings and formalizing them into a final list is critical to precisely identifying obstacles to the client. Drafting the appropriate recommendation is key to improving the organization's software development capabilities. This blog post series, based on a paper by me and my colleagues Hasan Yasar and Aaron Volkmann, discusses the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle (SDLC) within highly regulated environments (HREs)....

Formalizing DevOps Assessment Findings and Crafting Recommendations: Fifth in a Series

Jose Morales

Reviewing DevOps assessment findings and formalizing them into a final list is critical to precisely identifying obstacles to the client. Drafting the appropriate recommendation is key to improving the organization's software development. We will discuss both topics in this blog post. This blog post series, based on a paper by me and my colleagues Hasan Yasar and Aaron Volkmann, discusses the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle...

Performing the DevOps Assessment: Fourth in a Series

Jose Morales

The overall purpose of a DevOps assessment is to help improve the software development lifecycle (SDLC). Applying DevOps in highly regulated environments (HREs), be they academic, government, or industrial, can be challenging. HREs are mandated by policies for various reasons, most often general security and protection of intellectual property. The restrictions of these policies make the sharing and open access principles of DevOps that much harder to apply. This blog post series, based on a...

Establishing the Pre-assessment DevOps Posture of an SDLC in a Highly Regulated Environment: Third in a Series

Jose Morales

This third installment in our blog series on implementing DevOps in highly regulated environments (HREs), which is based upon a recently published paper, discusses the second step in a DevOps assessment: establishing the pre-assessment DevOps posture of an HRE. (Read the first and second post in the series.) The posture is the current DevOps implementation, if any, in an HRE's software development lifecycle (SDLC). Recall that the ultimate goal of the DevOps assessment is to...

Expectations for Implementing DevOps in a Highly Regulated Environment: Second in a Series

Jose Morales

This second installment in the blog post series on implementing DevOps in highly regulated environments (HREs), which is excerpted from a recently published paper, discusses the first step in a DevOps assessment: setting expectations with the organization. This step is a critical task in an assessment because it sets the boundaries of what will be performed and delivered....

Challenges to Implementing DevOps in Highly Regulated Environments: First in a Series

Jose Morales

In academia, government, and industry, DevOps has become a standard, straightforward option for streamlining efforts and increasing comprehensive participation by all stakeholders in the software development lifecycle (SDLC). In highly regulated environments (HREs) within these three sectors, however, applying DevOps can prove challenging. HREs are mandated by policies for various reasons, most often general security and protection of intellectual property, thus making the sharing and open access principles of DevOps that much harder...

Deploying the CERT Microcosm DevSecOps Pipeline using Docker-Compose and Kubernetes

Shane Ficorilli

According to DevSecOps: Early, Everywhere, at Scale, a survey published by Sonatype, "Mature DevOps organizations are able to perform automated security analysis on each phase (design, develop, test) more often than non-DevOps organizations." Since DevOps enables strong collaboration and automation of the process and enforces traceability, mature DevOps organizations are more likely to perform automated security analysis than non-DevOps organizations. My previous blog post, Microcosm: A Secure DevOps Pipeline as Code, helped address the...
